8.2
CVE-2026-37555
- EPSS 0.5%
- Veröffentlicht 29.04.2026 00:00:00
- Zuletzt bearbeitet 30.06.2026 03:19:04
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to sf.frames (sf_count_t/int64). With samplesperblock=50000 and blocks=50000, the product 2500000000 overflows to -1794967296. This causes incorrect frame count leading to heap buffer overflow or denial of service. Both values come from the WAV file header and are attacker-controlled. This issue was discovered after an incomplete fix for CVE-2022-33065.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libsndfile Project ≫ Libsndfile Version1.2.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.393 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 8.2 | 3.9 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
https://github.com/libsndfile/libsndfile/issues/833
https://github.com/libsndfile/libsndfile/commit/9a829113c88a51e57c1e46473e90609e4b7df151
https://gist.github.com/sgInnora/a5f5c19e4bf6f4fb74fab7b0ef2bfcc1
https://access.redhat.com/errata/RHSA-2026:30078
https://access.redhat.com/errata/RHSA-2026:30087
https://access.redhat.com/errata/RHSA-2026:30088
https://access.redhat.com/errata/RHSA-2026:30089
https://access.redhat.com/errata/RHSA-2026:19559
https://access.redhat.com/errata/RHSA-2026:19560
https://access.redhat.com/errata/RHSA-2026:19610
https://access.redhat.com/errata/RHSA-2026:23221
https://access.redhat.com/errata/RHSA-2026:23222
https://access.redhat.com/errata/RHSA-2026:23223
https://access.redhat.com/errata/RHSA-2026:25092
https://access.redhat.com/errata/RHSA-2026:25197
https://access.redhat.com/errata/RHSA-2026:25198
https://access.redhat.com/errata/RHSA-2026:25227
https://access.redhat.com/security/cve/CVE-2026-37555
https://bugzilla.redhat.com/show_bug.cgi?id=2463856
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-37555.json